gLite Logging and Bookkeeping Service

Daemons running

The following daemons need to be running:

  • Multiple instances of /usr/bin/glite-lb-bkserverd
  • Multiple instances of /usr/bin/glite-lb-interlogd
  • /usr/bin/glite-lb-notif-interlogd
  • /usr/bin/glite-lb-logd

Init scripts and how to use them

There is a global init script for all gLite services running on the server:

  • /etc/init.d/gLite

There are also init scripts for individual segments of the L&B event delivery and processing chain:

  • /etc/init.d/glite-lb-bkserverd for the L&B server
  • /etc/init.d/glite-lb-harvester for the L&B harvester
  • /etc/init.d/glite-lb-locallogger for L&B's local logger and interlogger

Location and description of configuration files

Configuration files for the L&B service are:

  • /etc/glite-lb/lcas.db defining the location of the lcas plugin
  • /etc/glite-lb/log4crc defining the behavior and granularity of log4c logging
  • /etc/glite-lb/glite-lb-harvester.conf specifying the configuration of the L&B harvester
  • /etc/glite-lb/msg.conf defining the configuration (brokers, permissible topic prefixes, plugin location) for messaging over ActiveMQ
  • /etc/glite-lb/glite-lb-authz.conf giving authorization settings for the L&B server

Configuration files added with EMI-2

  • /etc/glite-lb/site-notif.conf defining permanent notification registrations to be maintained by the glite-lb-notif-keeper

Configuration files added with EMI-3

  • /etc/glite-lb/html-header.html giving an optional style/header for L&B's HTML output

Location and description of log files

All logging information for L&B is found in:

  • /var/log/messages

Log messages follow the common log format.

Open ports

  • 2170: standard BDII
  • 9000: job status and logging-info queries
  • 9001: event gathering from LB loggers (WMS, CE)
  • 9002: local logger listening
  • 9003: WS client queries

Description of existing cron jobs

  • glite-lb-purge.cron ensures regular purging of old jobs
  • locallogger.cron ensures reloading of CRLs by the interlogger
  • bdii-proxy BDII proxy
  • fetch-crl keeps CRLs up-to-date
  • glite-lb-notif-keeper maintains site-specific notification registrations

Description of existing utility scripts

  • /usr/bin/glite-lb-dump used to dump the contents of the L&B database for a given period of time
  • /usr/bin/glite-lb-load used to load events dumped with /usr/bin/glite-lb-dump
  • /usr/bin/glite-lb-purge used to purge jobs from the L&B database

Security information

Access control mechanism description (authentication & authorization)

The authentication method is based on trusted digital certificates. Depending on the server configuration and action requested, the users may be required to present VOMS attributes in their proxy certificates.

The L&B version 3.0 server introduces new authorization features, controlled through the configuration file /etc/glite-lb/glite-lb-authz.conf.

How to block/ban a user

Banning individual users isn't possible in LB.

Network Usage

By default L&B server listens on port 9000 for incoming queries, 9001 for events, and 9003 for WS interface queries. The glite-lb-logd daemon listens on port 9002.

L&B proxy communicates over two UNIX sockets: /tmp/lb_proxy_server.sock (queries) and /tmp/lb_proxy_store.sock (incoming events).

Firewall configuration

The firewall configuration should allow access to these ports:

  • 9000/TCP, 9001/TCP and 9003/TCP.
  • 2170/TCP for the resource BDII service.

Security recommendations

None

Security incompatibilities

None currently known

Change of certificates

cp /etc/grid-security/hostcert.pem ~glite/.certs/
cp /etc/grid-security/hostkey.pem ~glite/.certs/
chown glite:glite ~glite/.certs/host*.pem

/etc/init.d/glite-lb-bkserverd restart
/etc/init.d/glite-lb-locallogger restart

Note that the glite user and its home directory are created in the post-installation scripts of glite-lb-server, glite-lb-logger, glite-lb-harvester or glite-px-proxyrenewal. The home directory location was changed in EMI, but it remains the same across upgrades. Possible home directory locations for the glite user are:

  • /home/glite (in pre-EMI, or glite user created by yaim before installation of L&B, and later upgrades)
  • /var/glite (in EMI-2 and later upgrades)
  • /var/lib/glite (in EMI-3)
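
A check to run as root between the copy and the restarts above, added here as an example and not part of the original L&B documentation: it confirms that the daemon's copy under ~glite/.certs matches the current host credential and is owned by glite. The helper name check_lb_certs, the key-mode check and the use of GNU-style stat -c are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the L&B documentation). check_lb_certs is a
# hypothetical helper name; stat -c assumes GNU coreutils or busybox.

# check_lb_certs SRC_DIR DST_DIR OWNER
# Prints one line per problem found; returns 0 only if there are none.
check_lb_certs() {
    src=$1; dst=$2; owner=$3; rc=0
    for f in hostcert.pem hostkey.pem; do
        if [ ! -f "$dst/$f" ]; then
            echo "MISSING $dst/$f"; rc=1
            continue
        fi
        # The daemon's copy must be byte-identical to the current host credential.
        cmp -s "$src/$f" "$dst/$f" || { echo "STALE $dst/$f differs from $src/$f"; rc=1; }
        # Result of the chown step: the service account must own its copy.
        [ "$(stat -c %U "$dst/$f")" = "$owner" ] || { echo "OWNER $dst/$f is not owned by $owner"; rc=1; }
    done
    # Assumption added here: the private key carries no group/other permission bits.
    if [ -f "$dst/hostkey.pem" ]; then
        mode=$(stat -c %a "$dst/hostkey.pem")
        case $mode in
            ?00) ;;
            *) echo "MODE $dst/hostkey.pem is $mode, expected 400 or 600"; rc=1 ;;
        esac
    fi
    return "$rc"
}

# Usage: sh check-lb-certs.sh glite
# Resolves the account's home directory, which differs between releases.
if [ "$#" -ge 1 ]; then
    home=$(getent passwd "$1" | cut -d: -f6)
    [ -n "$home" ] || { echo "no such user: $1"; exit 2; }
    check_lb_certs /etc/grid-security "$home/.certs" "$1"
fi
```

A STALE line after a certificate renewal means the daemons would still be started with the old credential.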

List of external packages that are not maintained by the supported OS

None at installation/runtime

-- ZdenekSustr - 19-Apr-2011

Topic revision: r5 - 2012-12-21 - FrantisekDvorak
 